# CVE-2022-26809

Detects attempts and successful exploitation of
a remote code execution vulnerability over DCE/RPC. This package is described in
detail in [this Corelight blogpost]( This package generates the following

* `CVE_2022_26809::ExploitAttempt`, and
* `CVE_2022_26809::ExploitSuccess`

The first is generated when an attack is attempted, but does not necessarily
succeed. The second is fired only when a successful exploit is detected and
should be investigated immediately. No new logs are generated. This package can
be installed with `zkg` using the following commands:

$ zkg refresh
$ zkg install cve-2022-26809

Corelight customers can install it by updating the CVE bundle.